External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-05-14 04:47:44 -02:30
Code Issues Packages Projects Releases Wiki Activity

fixing xss bugs

Browse Source
This commit is contained in:
John Mitchell
2015-04-29 16:08:32 -04:00
parent 4ac73743e5
commit b127e7f276
2 changed files with 8 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
awx/ui/static/js/shared/Utilities.js
View File

@@ -15,7 +15,7 @@
export default export default
angular.module('Utilities', ['RestServices', 'Utilities']) angular.module('Utilities', ['RestServices', 'Utilities', 'sanitizeFilter'])
/** /**
* @ngdoc method * @ngdoc method
@@ -99,9 +99,10 @@ angular.module('Utilities', ['RestServices', 'Utilities'])
* alert-info...). Pass an optional function(){}, if you want a specific action to occur when user * alert-info...). Pass an optional function(){}, if you want a specific action to occur when user
* clicks 'OK' button. Set secondAlert to true, when a second dialog is needed. * clicks 'OK' button. Set secondAlert to true, when a second dialog is needed.
*/ */
.factory('Alert', ['$rootScope', function ($rootScope) { .factory('Alert', ['$rootScope', '$filter', function ($rootScope, $filter) {
return function (hdr, msg, cls, action, secondAlert, disableButtons, backdrop) { return function (hdr, msg, cls, action, secondAlert, disableButtons, backdrop) {
var scope = $rootScope.$new(), alertClass, local_backdrop; var scope = $rootScope.$new(), alertClass, local_backdrop;
msg = $filter('sanitize')(msg);
if (secondAlert) { if (secondAlert) {
$('#alertHeader2').html(hdr); $('#alertHeader2').html(hdr);

8
awx/ui/static/js/shared/prompt-dialog.js
View File

@@ -27,16 +27,16 @@
*/ */
export default export default
angular.module('PromptDialog', ['Utilities']) angular.module('PromptDialog', ['Utilities', 'sanitizeFilter'])
.factory('Prompt', ['$sce', .factory('Prompt', ['$sce', '$filter',
function ($sce) { function ($sce, $filter) {
return function (params) { return function (params) {
var dialog = angular.element(document.getElementById('prompt-modal')), var dialog = angular.element(document.getElementById('prompt-modal')),
scope = dialog.scope(), cls, local_backdrop; scope = dialog.scope(), cls, local_backdrop;
scope.promptHeader = params.hdr; scope.promptHeader = params.hdr;
scope.promptBody = $sce.trustAsHtml(params.body); scope.promptBody = $filter('sanitize')(params.body);
scope.promptAction = params.action; scope.promptAction = params.action;
local_backdrop = (params.backdrop === undefined) ? "static" : params.backdrop; local_backdrop = (params.backdrop === undefined) ? "static" : params.backdrop;